Announcement Phishing / Extortion email followup.

#1
In a follow-up to the email I sent out yesterday regarding the surge of Phishing / Extortion emails, please see the below from the UK police who have added more information to their site regarding the issue:

There is an increasing amount of spam Phishing / Ransomware emails going around stating that email accounts have been compromised, and the person is reporting to have installed various bits of software on your PC and been watching your internet activity. This is a spoofed email which they send to appear to have come from your own email address. They also ask for a bitcoin payment to not share your browsing activity!

These emails are not being sent / received from your own emails, they are coming from random compromised servers across the internet.

You can safely ignore / delete these emails. Your accounts HAVEN'T been compromised, they are just phishing.
https://www.actionfraud.police.uk/a...ms-their-own-passwords-in-new-sextortion-scam
 

toad

Managed Customer
#2
I've been getting these emails for 2 months now. When I first got it 3 months ago it was really convincing only because they had my email and password in the subject.

I never fall for emails as I have lots of computer experience unlike most ordinary people. I had to take a deep breath and read the email several times trying to understand what exactly was going on. It took me about an hour to figure out and do some research to find out that it was a scam.

What really threw me off is the first email I got said something about sending my 6 contacts pictures of myself. By coincidence I had exactly 6 contacts on my mobile, which made me think that they really hacked my phone. But then I had to think about it more because I don't have a webcam.

The first email was really convincing, I could see why a lot of people will fall for it.

Another problem is I've always used the same password and email everywhere except websites that use my credit card, where I use a different email and password,

I've always used password123456

so it was hard to know which website got hacked, and where they got my email and password from

I keep getting these emails every couple of days, it's really annoying

I had to go to many websites and change my old password from password123456 to a new generated password

the lesson I learned is don't use the same password everywhere, I should always use a different password on every website,

I use a different email for most websites I don't trust, and

I use this website to generate passwords

Strong Random Password Generator


I always pick most options and 128 letter passwords
except some websites don't allow you to have a password that long

example
dCmeut6rdwLdq#STczB?C2WyE9?@c33vq2KqtDukbX53RLPUVTkmXHz-W+gSfnkg92*_T8xnF82ndZD@Um5rAbm=NYA_BnR@$=LMKfqysJCQdc@Gmq-YzfBNEYZ9hhwN


here is an example of the email i got:

Code:
from: myemail@mydomain.com
subject: myemail@mydomain.com is compromised. password123456
to: myemail@mydomain.com
Hello!
I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.
Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.
You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I've never seen anything like this!
I did not even know that SUCH content could be so exciting!
So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...
I will not do this if you pay me a little amount.
I think $849 is a nice price for it!
I accept only Bitcoins.
My BTC wallet: 17XHRucfd4kx3W5ty7ySLGiKHqmPUUdpus
If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.
My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have already collected all your data).
Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent.
Bye.



next time a website gets hacked, I will know which website it is because I always use different passwords now,


I also use this website to see if my email is exposed out there from a hack
when I typed my email, it tells me which websites were hacked that I used my email in,
Have I Been Pwned: Check if your email has been compromised in a data breach







this explains why I've been getting spam for several years now, I've had my email for almost 20 years,

20 years with the same email and entering the same password either!

only reason my email has never been hacked is because that's the only place I've used a different password :D:D

well after 20 years of the same email, I think it's time to make a new email... :D

when I first started using the internet many years ago, security was the last thing on my mind...
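
A triage heuristic for the message pattern described in this thread, as an added example that is not from any of the posters: it flags mail that claims to come from the recipient's own address but failed sender authentication and carries a Bitcoin wallet. The sample message is constructed from the email quoted above; its Received and Authentication-Results headers, the host names and the `triage` function are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email quoted in the thread. The Received
# and Authentication-Results headers are invented for illustration.
SAMPLE = """\
Received: from unknown (HELO host.example.net) (203.0.113.7)
Authentication-Results: mx.mydomain.com; spf=fail smtp.mailfrom=myemail@mydomain.com; dkim=none; dmarc=fail
From: myemail@mydomain.com
To: myemail@mydomain.com
Subject: myemail@mydomain.com is compromised. password123456

I sent you an email from your email account.
I accept only Bitcoins.
My BTC wallet: 17XHRucfd4kx3W5ty7ySLGiKHqmPUUdpus
You have 2 days (48 hours) for make a payment.
"""

# Shape of a legacy Bitcoin address only; the checksum is not verified.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
DEADLINE_RE = re.compile(r"\b\d+\s*(?:hours|days)\b", re.I)
AUTH_FAIL_RE = re.compile(r"\b(?:spf|dkim|dmarc)=(?:fail|softfail)\b", re.I)

def triage(raw: str) -> dict:
    """Return the signals found in one raw (single-part, plain text) message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()
    signals = {
        # From equals To: the "I sent this from your account" trick.
        "self_addressed": bool(sender) and sender == rcpt,
        # The receiving server recorded that the sender domain did not authorise it.
        "auth_failed": bool(AUTH_FAIL_RE.search(msg.get("Authentication-Results", ""))),
        "btc_wallets": BTC_RE.findall(body),
        "deadline": bool(DEADLINE_RE.search(body)),
        "address_in_subject": bool(rcpt) and rcpt in msg.get("Subject", "").lower(),
    }
    # Self-addressed mail that failed authentication was spoofed from another
    # server, not sent from the mailbox; with a wallet it fits this campaign.
    hit = signals["self_addressed"] and signals["auth_failed"] and signals["btc_wallets"]
    signals["verdict"] = "spoofed-extortion" if hit else "no-match"
    return signals

if __name__ == "__main__":
    print(triage(SAMPLE))
```
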
 
#3
I get about 10 of those every couple of days from various email addresses, a few mentioning passwords I used 10 years ago.

Trouble is, they will continue while the scam is working. You can check the wallets the emails mention on :

Some of these are the wallets I've seen so far which have bitcoins in them : 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH | BitRef

1PL9ewB1y3iC7EyuePDoPxJjwC4CgAvWTo - received 1.74942477

1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH - received 1.93174783
 

toad

Managed Customer
#4
unfortunately many people will fall for the email because it mentions their password, and I think many people still use the same password everywhere,
it will take some time for people to know about the scam

the best we can do is inform people of the scam

I tried saving my password offline on paper or on an offline computer, but the problem is it takes too long, and now with my generated passwords it takes even longer,

I gave up on that, now I save all my passwords automatically on my Google Chrome account browser, it inputs the passwords automatically so I never have to remember my long 128 letter passwords :D

if my Google account is hacked! I'd be doomed because it has every single password and website

except... my email password.. that's the ONLY password I never save, it's memorized in my mind

I wonder what will replace passwords in the future...
 
#5
Interestingly enough the mails are sent to validated email addresses. Or at least emails that existed at some point. It doesn't seem to be random like normal spam.
 
#6
It's not random normal mails, that's why, Alfa. It's email and password matching from the hacked databases widely available, such as the Anti Public combo list.
 
#7
True. I was aware of that, but it's also targeted at addresses that once existed but are not in hacked databases. These extortion emails are without a password in it.
 
#8
True. I was aware of that, but it's also targeted at addresses that once existed but are not in hacked databases. These extortion emails are without a password in it.
Ah I see what you mean. Yes, I've also had some of those from domains/emails that never existed prior, possibly just a scraper, opportunist email sampling mixed into their campaigns too
 

toad

Managed Customer
#10
I heard the hack was from LinkedIn but I don't ever remember signing up to that website


I got one in Japanese today!

Code:
こんにちは!
私は数ヶ月前にあなたの電子メールとデバイスをクラックしたハッカーです。
あなたが訪問したサイトの1つにパスワードを入力君た。それを傍受しました。
もちろん、それを変更したり、すでに変更したりすることができます。
しかし、それは問題ではありません、私のマルウェアは毎回それを更新しました。
私に連絡したり、私を見つけようとしないでください。それは不可能です。 私はあなたのアカウントからメールをあなたに送ったので、
あなたの電子メールを介して、私はあなたのオペレーションシステムに悪質なコードをアップロードしました。
私は友人、同僚、親戚とのあなたの連絡先のすべてを保存し、インターネットリソースへの訪問の完全な履歴を保存しました。
また、あなたのデバイスにトロイの木馬をインストールしました。
あなたは私の唯一の犠牲者ではない、私は通常、デバイスをブロックし、身代金を求める。
しかし、私は頻繁に訪れる親密なコンテンツのサイトにショックを受けました。
私はあなたの幻想にショックを受けている! 私はこれのようなものを見たことがない!
だから、あなたがサイトで楽しむとき(あなたは私が何を意味するか知っています!)
あなたのカメラのプログラムを使用してスクリーンショットを作成しました。
その後、私はそれらを現在閲覧されているサイトのコンテンツに結合しました。
これらの写真を連絡先に送信すると素晴らしいことがあります。
しかし、あなたがそれを望んでいないと確信しています。
したがって、私は沈黙のためにあなたからの支払いを期待しています。
私は$805が良い価格だと思います!
Bitcoin経由で支払う。
私のBTCウォレット: 1JDi4GbHUzCrrnT7BCYbnsyLyrFpNK7faP
あなたがこれを行う方法を知らない場合 - Googleに「BTCウォレットに送金する方法」を入力します。 難しくない。
指定された金額を受け取ると、妥協しているすべての材料は自動的に破壊されます。私のウイルスはあなた自身のオペレーティングシステムからも削除されます。
私のトロイの木馬は自動アラートを持っています。私はこのメールを読んだ後でメッセージを受け取ります。
私はあなたに支払いのための2日間を与える(正確に48時間)。
これが起こらない場合 - すべてのあなたの連絡先はあなたの暗い秘密の生活からクレイジーショットを取得します!
あなたが妨害しないように、あなたのデバイスはブロックされます(また、48時間後)
ばかなことしないで!
警察や友人はあなたを確実に助けません...
p.s. 私はあなたに将来のアドバイスを与えることができます。 安全でないサイトにはパスワードを入力しないでください。
私はあなたの慎重さを願っています。
お別れ。
 